How to make social authentication permanent?

Ricardo Gândara Pinto

unread,

Aug 12, 2016, 4:30:44 PM8/12/16

to Firebase Google Group

Hi,

When a user logs in via social credentials (Facebook, Google or Twitter), I store them locally so I can re-authenticate later if the user exits the app.

The problem is that after a certain time, I can no longer use the stored credentials and I have to prompt the user for authentication again.

So how can I make the user authenticate only once and use that choice in the app forever? I mean the user logs in once via Facebook, Google or Twitter and never has to grant firebase authorization again.

Is this possible?

Thanks.

Kato Richardson

unread,

Aug 12, 2016, 4:36:07 PM8/12/16

to Firebase Google Group

Hi Ricardo,

That's not possible, because the OAuth providers don't provide permanent tokens. They provide short-lived tokens that need to be refreshed frequently to maintain access. If you're not accessing their APIs directly, you should be able to use the Firebase auth tokens without re-authenticating against the third party services.

Check out getting the currently signed-in user for your platform.

☼, Kato

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-talk+unsubscribe@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/b104eaf1-3444-4c9b-883b-1c5edc8e67da%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Kato Richardson |

Developer Programs Eng |

kato...@google.com |

775-235-8398

Ricardo Gândara Pinto

unread,

Aug 12, 2016, 7:33:21 PM8/12/16

to Firebase Google Group

Thanks Kato.

Let me reformulate my question.

What I wanted is to prompt the user to sign in via a social provider, via pop-up or redirect.

Then store his name and photo URL: the only thing I want from the social provider.

How can I authenticate with firebase after the user has quit the app? Can I store some sort of firebase auth tokens and use them to re-authenticate?

On Friday, August 12, 2016 at 9:36:07 PM UTC+1, Kato Richardson wrote:

Hi Ricardo,

That's not possible, because the OAuth providers don't provide permanent tokens. They provide short-lived tokens that need to be refreshed frequently to maintain access. If you're not accessing their APIs directly, you should be able to use the Firebase auth tokens without re-authenticating against the third party services.

Check out getting the currently signed-in user for your platform.

☼, Kato

On Fri, Aug 12, 2016 at 12:33 PM, Ricardo Gândara Pinto <rpi...@gmail.com> wrote:

Hi,

When a user logs in via social credentials (Facebook, Google or Twitter), I store them locally so I can re-authenticate later if the user exits the app.
The problem is that after a certain time, I can no longer use the stored credentials and I have to prompt the user for authentication again.
So how can I make the user authenticate only once and use that choice in the app forever? I mean the user logs in once via Facebook, Google or Twitter and never has to grant firebase authorization again.
Is this possible?

Thanks.

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.

To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.

To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/b104eaf1-3444-4c9b-883b-1c5edc8e67da%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Kato Richardson

unread,

Aug 15, 2016, 2:30:01 PM8/15/16

to Firebase Google Group

Ricardo,

You'll need to store the photo and profile data yourself. I'd recommend keeping it in Firebase Database. There are several existing discussion on this topic:

http://stackoverflow.com/questions/37554582/how-to-access-another-firebaseusers-properties&sa=D&usg=AFQjCNERuo8Kg1e8PLQUPF9W1mGgLWgXDA

http://stackoverflow.com/questions/37942746/how-to-get-firebase-users-info&sa=D&usg=AFQjCNEHiWEquKk9TSCjpb8qryH_6zmaMA

http://stackoverflow.com/questions/38372779/google-sign-in-users-not-appearing-in-fireabse-database&sa=D&usg=AFQjCNEy-rcmm1eWxjtFuI3ccJ19F-9rDw

http://stackoverflow.com/questions/38369222/angularfire-3-0-how-to-get-user-object-from-email?noredirect%3D1&sa=D&usg=AFQjCNEz12TgsEWGDWCv3StmzqJo-pmtaw

http://stackoverflow.com/questions/38390783/custom-login-in-firebase-through-child-on-android&sa=D&usg=AFQjCNEvtk2im62L9NAzPuq-vC6stPdV6w

If you use Firebase authentication, we take care of storing creds and reauthenticating. You don't have to do anything special here. Have you tried the link I sent you above and using that to read auth on subsequent loads? Are you having specific issues?

☼, Kato

To unsubscribe from this group and stop receiving emails from it, send an email to firebase-talk+unsubscribe@googlegroups.com.

To post to this group, send email to fireba...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/f9b2d263-14ce-4fae-99a5-3ca3f1ccaa90%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Ricardo Gândara Pinto

unread,

Aug 15, 2016, 6:05:37 PM8/15/16

to Firebase Google Group

Ok I understand it now.

Firebase will keep sessions indefinitely. I'll just store user name and photo on social login.

Thanks.

Reply all

Reply to author

Forward